Update monitoring packages to latest versions

- Updated all OpenTelemetry packages to latest versions: - opentelemetry-api: 1.27.0 → 1.39.1 - opentelemetry-sdk: 1.27.0 → 1.39.1 - opentelemetry-exporter-otlp-proto-grpc: 1.27.0 → 1.39.1 - opentelemetry-exporter-otlp-proto-http: 1.27.0 → 1.39.1 - opentelemetry-instrumentation-fastapi: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-httpx: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-redis: 0.48b0 → 0.60b1 - opentelemetry-instrumentation-sqlalchemy: 0.48b0 → 0.60b1 - Removed prometheus-client==0.23.1 from all services - Unified all services to use the same monitoring package versions Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-01-08 19:25:52 +01:00
parent dfb7e4b237
commit 29d19087f1
129 changed files with 5718 additions and 1821 deletions
--- a/infrastructure/kubernetes/overlays/prod/kustomization.yaml
+++ b/infrastructure/kubernetes/overlays/prod/kustomization.yaml
@@ -8,13 +8,13 @@ namespace: bakery-ia

 resources:
  - ../../base
-  - ../../base/components/monitoring
  - prod-ingress.yaml
-  - prod-configmap.yaml
+  # SigNoz is managed via Helm deployment (see infrastructure/helm/deploy-signoz.sh)
+  # Monitoring is handled by SigNoz (no separate monitoring components needed)
+  # SigNoz paths are now included in the main ingress (ingress-https.yaml)

 patchesStrategicMerge:
  - storage-patch.yaml
-  - monitoring-ingress-patch.yaml

 labels:
  - includeSelectors: true
@@ -22,8 +22,83 @@ labels:
      environment: production
      tier: production

-# SigNoz resource patches for production
+# Production configuration patches
 patches:
+  # Override ConfigMap values for production
+  - target:
+      kind: ConfigMap
+      name: bakery-config
+    patch: |-
+      - op: replace
+        path: /data/ENVIRONMENT
+        value: "production"
+      - op: replace
+        path: /data/DEBUG
+        value: "false"
+      - op: replace
+        path: /data/LOG_LEVEL
+        value: "INFO"
+      - op: replace
+        path: /data/PROFILING_ENABLED
+        value: "false"
+      - op: replace
+        path: /data/MOCK_EXTERNAL_APIS
+        value: "false"
+      - op: add
+        path: /data/REQUEST_TIMEOUT
+        value: "30"
+      - op: add
+        path: /data/MAX_CONNECTIONS
+        value: "100"
+      - op: replace
+        path: /data/ENABLE_TRACING
+        value: "true"
+      - op: replace
+        path: /data/ENABLE_METRICS
+        value: "true"
+      - op: replace
+        path: /data/ENABLE_LOGS
+        value: "true"
+      - op: add
+        path: /data/OTEL_EXPORTER_OTLP_ENDPOINT
+        value: "http://signoz-otel-collector.signoz.svc.cluster.local:4317"
+      - op: add
+        path: /data/OTEL_EXPORTER_OTLP_PROTOCOL
+        value: "grpc"
+      - op: add
+        path: /data/OTEL_SERVICE_NAME
+        value: "bakery-ia"
+      - op: add
+        path: /data/OTEL_RESOURCE_ATTRIBUTES
+        value: "deployment.environment=production,cluster.name=bakery-ia-prod"
+      - op: add
+        path: /data/SIGNOZ_ENDPOINT
+        value: "http://signoz-query-service.signoz.svc.cluster.local:8080"
+      - op: add
+        path: /data/SIGNOZ_FRONTEND_URL
+        value: "https://monitoring.bakewise.ai/signoz"
+      - op: add
+        path: /data/SIGNOZ_ROOT_URL
+        value: "https://monitoring.bakewise.ai/signoz"
+      - op: add
+        path: /data/RATE_LIMIT_ENABLED
+        value: "true"
+      - op: add
+        path: /data/RATE_LIMIT_PER_MINUTE
+        value: "60"
+      - op: add
+        path: /data/CORS_ORIGINS
+        value: "https://bakewise.ai"
+      - op: add
+        path: /data/CORS_ALLOW_CREDENTIALS
+        value: "true"
+      - op: add
+        path: /data/VITE_API_URL
+        value: "/api"
+      - op: add
+        path: /data/VITE_ENVIRONMENT
+        value: "production"
+  # SigNoz resource patches for production
  # SigNoz ClickHouse production configuration
  - target:
      group: apps
--- a/infrastructure/kubernetes/overlays/prod/prod-ingress.yaml
+++ b/infrastructure/kubernetes/overlays/prod/prod-ingress.yaml
@@ -60,5 +60,6 @@ spec:
            name: gateway-service
            port:
              number: 8000
-
-  # Monitoring (monitoring.bakewise.ai) is now handled by signoz-ingress.yaml in the signoz namespace
+  # Note: SigNoz monitoring is deployed via Helm in the 'signoz' namespace
+  # SigNoz creates its own Ingress via Helm chart configuration
+  # Access at: https://monitoring.bakewise.ai (configured in signoz-values-prod.yaml)
--- a/infrastructure/kubernetes/overlays/prod/signoz-ingress.yaml
+++ b/infrastructure/kubernetes/overlays/prod/signoz-ingress.yaml
@@ -1,78 +0,0 @@
---
-# SigNoz Ingress for Production
-# SigNoz is deployed via Helm in the 'signoz' namespace
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: signoz-ingress-prod
-  namespace: signoz
-  labels:
-    app.kubernetes.io/name: signoz
-    app.kubernetes.io/component: ingress
-  annotations:
-    # Nginx ingress controller annotations
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
-    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-    nginx.ingress.kubernetes.io/use-regex: "true"
-
-    # CORS configuration
-    nginx.ingress.kubernetes.io/enable-cors: "true"
-    nginx.ingress.kubernetes.io/cors-allow-origin: "https://bakewise.ai,https://monitoring.bakewise.ai"
-    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS, PATCH"
-    nginx.ingress.kubernetes.io/cors-allow-headers: "Content-Type, Authorization, X-Requested-With, Accept, Origin"
-    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
-
-    # Security headers
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      more_set_headers "X-Frame-Options: SAMEORIGIN";
-      more_set_headers "X-Content-Type-Options: nosniff";
-      more_set_headers "X-XSS-Protection: 1; mode=block";
-      more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
-
-    # Rate limiting
-    nginx.ingress.kubernetes.io/limit-rps: "100"
-    nginx.ingress.kubernetes.io/limit-connections: "50"
-
-    # Cert-manager annotations for automatic certificate issuance
-    cert-manager.io/cluster-issuer: "letsencrypt-production"
-    cert-manager.io/acme-challenge-type: http01
-
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - monitoring.bakewise.ai
-    secretName: signoz-prod-tls-cert
-  rules:
-  - host: monitoring.bakewise.ai
-    http:
-      paths:
-      # SigNoz Frontend UI
-      - path: /signoz(/|$)(.*)
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: signoz-frontend
-            port:
-              number: 3301
-      # SigNoz Query Service API
-      - path: /signoz-api(/|$)(.*)
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: signoz-query-service
-            port:
-              number: 8080
-      # SigNoz AlertManager
-      - path: /signoz-alerts(/|$)(.*)
-        pathType: ImplementationSpecific
-        backend:
-          service:
-            name: signoz-alertmanager
-            port:
-              number: 9093